New research reveals the mind games used by cyber fraudsters to exploit human nature to gain money and personal information
McAfee Inc. have announced findings from new research revealing how organised crime is employing psychological mind games to trick PC users into handing over personal information and money.
The investigation into cybercrime trends, commissioned by McAfee in association with leading forensic psychologist Professor Clive Hollin, based at the University of Leicester in the UK, suggests Internet fraudsters are exploiting our deepest psychological vulnerabilities in the latest email scams. Cybercriminals are employing ever more cunning techniques such as assuming trustworthy identities, engaging in friendly banter and targeting human emotions such as fear, insecurity and greed.
The study reveals how cybercriminals are increasingly combining stealth code with calculating mind games to manipulate our behaviour and persuade us to open attachments, click on a link or enter personal information so they can pickpocket our personal information and online bank accounts.
By understanding how we make sense of information and what human traits affect our reactions to information, cybercriminals are manipulating our actions online. A prime example in the report shows how even common curiosity can prove our downfall and a scammer's windfall. When an online ad promised to infect with a virus the computers of all those who clicked, 400 people still did exactly that!
Tactics of deception
The report highlights how cybercriminals work hard to reduce our scepticism and convince us that the email is legitimate. They use a combination of psychological tricks like making out that the email is from a friend or a trusted authority such as a credit card company.
To grab our attention and make the email stand out, they will use headlines to appeal to our personal interests such as shopping or dating.
The report also shows how typical email scams will contain essential elements that play on and exploit the human psychological vulnerabilities that drive us or influence us to do something, for example, "Click here for a reward" or "Click here to avoid something you don't want to happen".
The same cybercriminal practices were unearthed in US research commissioned by McAfee, by Professor James J. Blascovich, Ph.D., at the University of California, Santa Barbara.
Cyber-mind manipulation: Who's at risk?
The study highlights that contrary to popular belief it is not simply the inexperienced Internet users that fall victim to online scams. In fact, the volume of online scams suggests cybercriminals are successful in ensnaring all sorts of PC users.
According to Professor Clive Hollin: "Given the right conditions in terms of the persuasiveness of the communication and the critical combination of situational and personal factors, most people may be vulnerable to misleading information. This point is true both for experienced and inexperienced computer users: while naivety may be a partial explanation, even sophisticated users can be deceived and become suggestible to misleading messages."
A constantly evolving threat
The McAfee Mind Games report also suggests that Internet fraudsters research the psychological hotspots and triggers of potential victims, such as by watching news headlines for emotional or worrisome world events or jumping on major sporting events, in order to make the mind game more authentic.
Cybercriminals are capitalising on new social trends too. The MySpace and Facebook generation, with their frequent and informal use of email and site updates, often fail to question the legitimacy of emails or links and users have become the unsuspecting victims of both phishing and ID theft scams.
Cyber scammers are even now thinking beyond purely online mind games. They are successfully starting to manipulate our vulnerabilities by approaching via less suspicious routes, such as mobile phones.
Greg Day, security analyst at McAfee, said: "Perpetrators of crime learn from experience and become increasingly sophisticated: they learn what techniques are successful, who falls for what, what bypasses security, and so on. Like con men on the street devising new tricks, internet fraudsters need a never-ending supply of ways to exploit victims online. Bypassing mental barriers rather than software security is an increasingly evident tactic of cybercriminals and one that will only continue to become more prolific in the raft of online attacks."
McAfee's Avert Labs team identified real examples of common phishing scams to be analysed by Professor Hollin for the Mind Games study.
The samples gathered by McAfee were categorised to reflect the tone of the message (e.g., Voice of Authority), or the content of the message (e.g. Competition Winners), or the type of emotional manipulation (e.g. Playing on Embarrassment). This categorisation of material from real sites provided the material for analysis by Professor Hollin.
About McAfee, Inc.
McAfee Inc., one of the leading dedicated security technology companies, headquartered in Santa Clara, California, delivers proactive and proven solutions and services that secure systems and networks around the world. With its unmatched security expertise and commitment to innovation, McAfee empowers home users, businesses, the public sector, and service providers with the ability to block attacks, prevent disruptions, and continuously track and improve their security.